I'm interested in the OSCP class, but I have a concern about my current abilities. I've done pen tests for the company that I work for now, and I understand the basics of Metasploit, nmap, nessus, etc., but I've been reading comparisons between this course and eLearnSecurity's course. eLearnSecurity states that their course is designed for 0 - 3 years of experience and it seems to be the recommended before doing OSCP. I don't pen test on a daily basis, so I don't know how much relevant and practical experience in "years" that I really do have.

I don't know ASM (I'm reading up on it now), I have the basics of Python (written a few scripts from scratch), I don't know Ruby, and I know a little C/C++ but have never written an exploit. I've used BT off and on since BT3, but nothing major.

I guess I need to know if I'm a good candidate for the course. I don't want to get in over my head.

From what you've posted, I think you'd do fine in OSCP, however, not knowing you, personally, or your drive / motivation level, I can't say, conclusively, that it's for you. The biggest factor you'll face with OSCP, if your original post is an honest assessment of yourself, is time. You need to make the time to really dive into the course. But that said, again, if you're being truthful, I've seen folks with less experience pass OSCP, successfully.

While I have not had the time to take the final 'exam' for it, I can tell you, too, that eLearn's course is also excellent. I reviewed it for Armando, a while back, and I feel he has some excellent material in there. It's another A+ learning experience. Additionally, he's a member here, and can give you some more information if you open up a discussion with him.

Ultimately, I'd say this. If you're nervous, and want to dive in, but unsure of your time and commitment levels, yet, I'd definitely start with eLearn. There's a lot to it, but you've got more time to work through it. If you're a glutton for punishment, and feel that you have the time and resources to go for OSCP, then it's sort of up to you which way you want to go. Both are excellent courses, and you'll learn a lot, either way.

Good luck, and keep us posted on how you do.

Last edited by hayabusa on Tue Jun 28, 2011 6:54 am, edited 1 time in total.

~ hayabusa ~

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

Well, I can say that eLearn's course is more of a reading / viewing experience, or at least it was, expecting you to then take the knowledge to your own labs for testing. I know Armando and his team have been working on creating their own attack labs, and more hands on experience for their courses. Could be significantly better, for hands on experience, by now. I haven't had opportunity (and my temporary access will likely expire, due to lack of time) to their latest labs. But lifetime access - to the materials, slides and info covered - does make a nice bonus, if you ever want to go back and review.

OSCP is a really about the effort. They make you go outside of the box, do your own outside research on a lot of topics, and really spend your time going in depth on the various pieces. There's a lot of 'Try Harder' (one of their favorite hints / taunts / motivators) strewn throughout the online labs, and they really push you to figure things out, even if not fully covered in the reading / videos. I personally enjoy that type of learning, so it was a bonus for me, to just dig in, get my hands dirty, and go after it.

Again, I think if you're really motivated, and can dedicate the time, you could likely pass OSCP. But I think if you're concerned about those factors, I can tell you that eLearn's course was top notch, and can be taken at a more leisurely pace, while still honing your skills, learning new topics, and gaining lots of good information. Both courses come with great support, by way of email, chat, etc, and both have a good community built up around them, to assist you, now.

In the end, it's going to come down to a personal choice, which obviously, we can't make for you. But in the end, whichever way you go, you're in for a good experience, IMHO.

Edit: Oh, and as far as point'n'click versus CLI... Much of what is done, in the eLearn stuff, is done with GUI tools, at least, in the webapp side of things. And that's due, in large part, to the fact that a lot of the current webapp scanning / testing tools are GUI-based. You could still do much of that from a CLI, but when tools are available, makes more sense to use them. Much COULD be done with GUI tools in OSCP, as well. OSCP definitely has you spending a lot of time in Metasploit framework, and at a coding level, so you'd definitely want to be comfortable with a command prompt / shells. But either way, for BOTH courses, you could do a lot. At the end of the day, you'll be using both, and want to be comfortable with both, and if you've done some programming, I think you'll do fine, either way.

Last edited by hayabusa on Tue Jun 28, 2011 7:37 am, edited 1 time in total.

~ hayabusa ~

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

packet.Wire wrote:I read a comparison on this site (I'll have to find a link) that said eLearn's offering was more of a point and click course whereas OSCP was more CLI driven. Is that true? Any thoughts on that?

Having taken both courses I can confirm this! Both are great and fun (:

I completely agree with hayabusa's posts. I think your ready to indulge in the OSCP class - just be sure to purchase enough lab time. They recommend 60 but you'll have so much fun and get more experienced purchasing 90! Give it your all and you'll prevail victorious!

if you are looking for reviews, check mine out too! when i read your current "skill level" i think you are on the same level as when i started OSCP, read the walktrough and you will see i had great difficulty passing, but then again, i did pass so it can be done! just be prepared to invest many hours of learning, and i mean very very very many...Good luck and keep us posted!

CISSP, CEH, ECSA, OSCP, OSWP, eCPPT, eWAPT

earning my stripes appears to be a road i must travel alone...with a little help of EH.net